CVE-2015-3035

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2015-3035
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

7.8 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txt Exploit
http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware Patch
http://seclists.org/fulldisclosure/2015/Apr/26 Exploit
http://www.tp-link.com/en/download/TL-WDR4300_V1.html#Firmware Patch
http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html Exploit
http://www.tp-link.com/en/download/Archer-C9_V1.html#Firmware Patch
http://www.tp-link.com/en/download/TL-WDR3500_V1.html#Firmware Patch
http://www.tp-link.com/en/download/TL-WR841N_V9.html#Firmware Patch
http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware Patch
http://www.tp-link.com/en/download/TL-WR741ND_V5.html#Firmware Patch
http://www.tp-link.com/en/download/TL-WR740N_V5.html#Firmware Patch
http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware Patch
http://www.tp-link.com/en/download/TL-WR841ND_V9.html#Firmware Patch
http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware Patch
http://www.securityfocus.com/bid/74050
http://www.securityfocus.com/archive/1/535240/100/0/threaded
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tp-link:tl-wr841n_\(9.0\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wr841n_\(9.0\):*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:tp-link:tl-wr740n_\(5.0\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wr740n_\(5.0\):*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:tp-link:archer_c5_\(1.2\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_c5_\(1.2\):*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:tp-link:tl-wr841n_\(10.0\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wr841n_\(10.0\):*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:tp-link:tl-wr741nd_\(5.0\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wr741nd_\(5.0\):*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:tp-link:tl-wdr3600_\(1.0\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wdr3600_\(1.0\):*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:tp-link:archer_c7_\(2.0\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_c7_\(2.0\):*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:tp-link:tl-wr841nd_\(10.0\)_firmware:150104:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wr841nd_\(10.0\):*:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:tp-link:archer_c9_\(1.0\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_c9_\(1.0\):*:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:tp-link:tl-wr841nd_\(9.0\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wr841nd_\(9.0\):*:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:tp-link:archer_c8_\(1.0\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_c8_\(1.0\):*:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:tp-link:tl-wdr4300_\(1.0\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wdr4300_\(1.0\):*:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:tp-link:tl-wdr3500_\(1.0\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wdr3500_\(1.0\):*:*:*:*:*:*:*:*
Information

Published : 2015-04-21 18:59

Updated : 2018-10-09 12:56

NVD link : CVE-2015-3035

Mitre link : CVE-2015-3035

JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa
Products Affected

tp-link

  • archer_c9_\(1.0\)
  • archer_c8_\(1.0\)
  • archer_c5_\(1.2\)
  • tl-wr740n_\(5.0\)_firmware
  • tl-wdr4300_\(1.0\)
  • tl-wdr3500_\(1.0\)
  • tl-wdr4300_\(1.0\)_firmware
  • archer_c7_\(2.0\)_firmware
  • tl-wr841nd_\(9.0\)_firmware
  • tl-wr841n_\(10.0\)
  • tl-wdr3600_\(1.0\)_firmware
  • tl-wdr3600_\(1.0\)
  • archer_c9_\(1.0\)_firmware
  • tl-wr841nd_\(10.0\)
  • tl-wr740n_\(5.0\)
  • tl-wr741nd_\(5.0\)
  • tl-wr841nd_\(10.0\)_firmware
  • tl-wdr3500_\(1.0\)_firmware
  • tl-wr841nd_\(9.0\)
  • tl-wr741nd_\(5.0\)_firmware
  • archer_c5_\(1.2\)_firmware
  • archer_c8_\(1.0\)_firmware
  • tl-wr841n_\(9.0\)_firmware
  • tl-wr841n_\(9.0\)
  • tl-wr841n_\(10.0\)_firmware
  • archer_c7_\(2.0\)